Automic VaultAutomic Vault

brew

Install gau with Homebrew, MacPorts, Nix

Open Threat Exchange, Wayback Machine, and Common Crawl URL fetcher. Version 2.2.4 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install gau

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install gau

MacPorts ports tree · www/gau/Portfile · source: api.github.com

Linux

Nixverified · 92%
nix profile install nixpkgs#gau

nixpkgs package indexes · pkgs/by-name/ga/gau/package.nix · source: api.github.com

overview

Package summary

Open Threat Exchange, Wayback Machine, and Common Crawl URL fetcher

Commands and aliases

  • gau

history

Project history and usage

getallurls, commonly packaged as `gau`, is a reconnaissance CLI that fetches known URLs for domains from AlienVault Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan. It is aimed at security researchers and bug bounty workflows that need historical and third-party URL discovery.

Project history

The project was created in February 2020 and reached a v1.0 release in April 2020. The README says gau was inspired by Tomnomnom's `waybackurls`, and the v2.0.4 release in November 2021 introduced a rewrite with speed improvements, a new URLScan provider, configuration-file loading, new filters, and SOCKS5 proxy support.

Adoption history

Official installation options include `go install`, cloning and building from source, downloading GitHub release binaries, and Docker. The input curation also records Homebrew, MacPorts, and Nix package availability, showing the tool's spread through common security-tool package channels.

How it is used

gau accepts domains from arguments or stdin and can run with worker threads, write results to a file, filter by extensions, status codes, MIME types, date ranges, providers, and proxy settings, and output JSON. It automatically looks for `$HOME/.gau.toml` or `%USERPROFILE%\.gau.toml` unless an alternate config is supplied.

Why package nerds care

gau is package-nerd-significant because it turns multiple web-archive and threat-intelligence sources into a composable Unix-style CLI. Its short name also collides with an oh-my-zsh git alias, a small but memorable packaging and shell-environment wrinkle documented by the project.

Timeline

  • 2020: Public GitHub repository created.
  • 2020: v1.0 released.
  • 2021: v2.0.4 rewrite release added URLScan, config loading, filters, and SOCKS5 proxy support.
  • 2024: v2.2.4 release published.

Related projects

  • gau is inspired by Tomnomnom's `waybackurls` and depends conceptually on AlienVault OTX, the Wayback Machine, Common Crawl, and URLScan as URL providers.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 8 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.gau.toml
Windows
%USERPROFILE%\.gau.toml

executables

Installed executables

CommandKindExposureNote
gaucliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.2.4
manager updated
local dataok
upstreamcurrent
latest detectedv2.2.4

https://github.com/lc/gau

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:gau
Version2.2.4
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/gau
Homepagehttps://github.com/lc/gau
Repositoryhttps://github.com/lc/gau
Upstream docshttps://github.com/lc/gau#readme
LicenseMIT
Source archivehttps://github.com/lc/gau/archive/refs/tags/v2.2.4.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegau
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

gau

nix profile install nixpkgs#gau
  • normalized package name match
  • Matched by: Gau
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ga/gau/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
MacPorts95%

gau

sudo port install gau
  • normalized package name match
  • Matched by: Gau
MacPorts ports tree · api.github.com · MacPorts ports tree: www/gau/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment